NHS deploys Microsoft threat detection service on just 30,000 devices

Updated NHS Digital has yet to explain why it has taken months to roll out Microsoft's Enterprise Threat Detection Service (ETDS) to only about two per cent of the UK health service's targeted installed base.

The ETDS element was included in a custom support agreement that covers all NHS orgs in the UK under a framework penned in August following the crippling WannaCry attack in May.

Today, NHS Digital – the body that oversees information technology provided to the sector – told us the use of Microsoft's service will give its techies cyber alerts designed to reduce the chance of a major breach or malware infection, and remediation advice should nasties get through.

It said the service contract followed a pilot with NHS Digital and Blackpool Teaching Hospitals Foundation Trust. ETDS has so far been deployed on "over 30,000 machines" and will "eventually" cover up to 1.5 million devices within healthcare across hospital trusts and GP practices.

ETDS is just one area of the framework the NHS signed last summer: it provides patches and updates for devices across the sector running various flavours of Windows including XP, Server 2003 and SQL 2005. It runs until summer 2018.

The agreement followed the unwelcome news last summer that at least 81 of the 236 NHS Trusts in England were among institutions across the globe that were hit by WannaCry.

The National Audit Office reported on the attack in October and said the UK health service could have defended itself "if only it had taken simple steps to protect its computers". The full extent of financial cost remains unquantified.

The Department of Health failed to agree a working process with NHS England to secure computer and medical kit in the event of a cyber attack, meaning "patients and NHS staff suffered widespread disruption, with thousands of appointments and operations cancelled".

Specifically, 19,494 appointments were shelved and this included 139 patients that had had "an urgent referral for potential cancer cancelled".

The Register asked NHS Digital to detail the cost of the ETDS bought from Microsoft, the cost of the overall year-long framework, why ETDS has only reached 30,000 machines, and if the procurement heads considered alternative suppliers. We were told answers would arrive by the day's end.

The Department for Health and NHS England are so far yet to respond to our request for comment last week, when the team behind an open-source Linux project called it day, citing a lack of support for their work and little appetite among some senior healthcare officials to treat their addiction to Microsoft products and services.

For what it's worth, Dan Taylor, director of security (and clearly a corp-speak expert) at NHSDigital, said: "It is our role to alert organisations to known cybersecurity threats and advise them of appropriate steps to minimise risks; this marks a step change in our capability to provide high quality, targeted alerts to allow organisations to counter these threats and ensure patients' needs continue to be met."

Er, well said, that man.

Updated

NHS Digital has made contact to say it was unable to comment on the amount of money spent on the custom support agreement with Microsoft due to "commercial sensitivity". ETDS is just one element of this agreement.

The PR rep added said the deployment on 30,000 devices marked the "system-wide rollout, following a successful trial period".

"The capability needs to be rolled out gradually by each individual organisation across their own IT infrastructure." This was due to the "complex nature and scope of rolling out such programmes". ®